hosted by liquidweb


Go Back   Web Hosting Talk : Web Hosting Main Forums : VPS Hosting : Server Hacked - by niroda
Reply

Forum Jump

Server Hacked - by niroda

Reply Post New Thread In VPS Hosting Subscription
 
Send news tip View All Posts Thread Tools Search this Thread Display Modes
  #1  
Old
Newbie
 
Join Date: Mar 2012
Posts: 16

Server Hacked - by niroda


My VPS with EUK Host got hacked yesterday. All sites on it have had all content deleted and replaced with a hacked message. EUK can't restore any of the sites as their backups were also compromised. Luckily I have a recent backup of the most important site that I DL'd on Saturday. The rest of the sites have no backups, sadly.

I am interested to know if I have been misled with the circumstances of the hack. The support people tell me that it's my fault and my problem as my root password is weak (it was not weak at all) plus I was running wordpress sites and that's where the breach took place. I was under the impression that sites COULD get hacked but that hack could not gain access to the server itself. This was my understanding anyway. Also, I note that their VPS Node : EL58 is under attack and that "Mar 05, 2012 Urgent Maintenance : backup4 server". Coincidence that all my sites have no backups? Any advice on what I can or should do? Suspect you will all say it's my own fault for not taking backups for the other sites etc!

I will be looking for a new host. I have been messed about all day. Promised info, calls and ticket updates. Just had one of the chat operators getting quite terse with me too. EUK were OK but the end of last year and this year have been terrible.

Can anyone recommend a good UK host? I do need it to be UK though.



Sponsored Links
  #2  
Old
Technical Nutcase
 
Join Date: Mar 2009
Location: Miami, Florida
Posts: 18,674
Quote:
Originally Posted by Jezsez View Post
My VPS with EUK Host got hacked yesterday. All sites on it have had all content deleted and replaced with a hacked message. EUK can't restore any of the sites as their backups were also compromised. Luckily I have a recent backup of the most important site that I DL'd on Saturday. The rest of the sites have no backups, sadly.

I am interested to know if I have been misled with the circumstances of the hack. The support people tell me that it's my fault and my problem as my root password is weak (it was not weak at all) plus I was running wordpress sites and that's where the breach took place. I was under the impression that sites COULD get hacked but that hack could not gain access to the server itself. This was my understanding anyway. Also, I note that their VPS Node : EL58 is under attack and that "Mar 05, 2012 Urgent Maintenance : backup4 server". Coincidence that all my sites have no backups? Any advice on what I can or should do? Suspect you will all say it's my own fault for not taking backups for the other sites etc!

I will be looking for a new host. I have been messed about all day. Promised info, calls and ticket updates. Just had one of the chat operators getting quite terse with me too. EUK were OK but the end of last year and this year have been terrible.

Can anyone recommend a good UK host? I do need it to be UK though.
Hello,
When a provider posts that a server is under attack, it typically involves a DDoS attack, not a defacement. May I ask if you were running a control panel and using a strong password. It almost sounds like the attacker managed to get your root codes.

__________________
http://iSheep.net - The ultimate iSheep simulator

  #3  
Old
Disabled
 
Join Date: Jan 2012
Posts: 98
If their backups got compromised too, doesn't that mean their server was hacked? If that is the case, it wasn't your fault at all. Seems they need to do server audits a bit more often and setup their servers better.

Sponsored Links
  #4  
Old
Newbie
 
Join Date: Mar 2012
Posts: 16
Quote:
Originally Posted by KMyers View Post
Hello,
When a provider posts that a server is under attack, it typically involves a DDoS attack, not a defacement. May I ask if you were running a control panel and using a strong password. It almost sounds like the attacker managed to get your root codes.
Yes, it has control panel. I would say that the password was very strong.

It's alwasy possible that somehow my security has been compromised locally. I would be surprised though. Why go for the server (just one server ((so far!!)) at that) and not the paypal account or something worse? My local machine has good security but I doubt it would stop something new or really good, if any security would.

  #5  
Old
Technical Nutcase
 
Join Date: Mar 2009
Location: Miami, Florida
Posts: 18,674
Quote:
Originally Posted by JoeBates View Post
If their backups got compromised too, doesn't that mean their server was hacked? If that is the case, it wasn't your fault at all. Seems they need to do server audits a bit more often and setup their servers better.
That may not be the case. A backup server is often a separate machine. I not see if they did backups of the VMs so I asked and confirmed they do

__________________
http://iSheep.net - The ultimate iSheep simulator

  #6  
Old
Newbie
 
Join Date: Mar 2012
Posts: 16
Quote:
Originally Posted by JoeBates View Post
If their backups got compromised too, doesn't that mean their server was hacked? If that is the case, it wasn't your fault at all. Seems they need to do server audits a bit more often and setup their servers better.
That was my thought too. But they are merely saying that their backup was taken after the hack. Conveniently.

  #7  
Old
ShillBuster
 
Join Date: Jun 2003
Location: Spain
Posts: 4,038
Quote:
Originally Posted by Jezsez View Post

Can anyone recommend a good UK host? I do need it to be UK though.
FutureHosting without a doubt!

  #8  
Old
Web Hosting Master
 
Join Date: Jun 2011
Location: Aberdeen
Posts: 2,457
Quote:
Originally Posted by Jezsez View Post
That was my thought too. But they are merely saying that their backup was taken after the hack. Conveniently.
Was your VPS control panel password where you start the backup the same as any other that you use elsewhere?

  #9  
Old
Disabled
 
Join Date: Jan 2012
Posts: 98
Quote:
Originally Posted by Jezsez View Post
That was my thought too. But they are merely saying that their backup was taken after the hack. Conveniently.
That would make more sense, that sucks!

  #10  
Old
Newbie
 
Join Date: Mar 2012
Posts: 16
Quote:
Originally Posted by Flapadar View Post
Was your VPS control panel password where you start the backup the same as any other that you use elsewhere?
I think it may be the same password for the mail server, possibly.

  #11  
Old
Junior Guru Wannabe
 
Join Date: Dec 2011
Posts: 91
Quote:
Originally Posted by Jezsez View Post
My VPS with EUK Host got hacked yesterday. All sites on it have had all content deleted and replaced with a hacked message. EUK can't restore any of the sites as their backups were also compromised. Luckily I have a recent backup of the most important site that I DL'd on Saturday. The rest of the sites have no backups, sadly.

I am interested to know if I have been misled with the circumstances of the hack. The support people tell me that it's my fault and my problem as my root password is weak (it was not weak at all) plus I was running wordpress sites and that's where the breach took place. I was under the impression that sites COULD get hacked but that hack could not gain access to the server itself. This was my understanding anyway. Also, I note that their VPS Node : EL58 is under attack and that "Mar 05, 2012 Urgent Maintenance : backup4 server". Coincidence that all my sites have no backups? Any advice on what I can or should do? Suspect you will all say it's my own fault for not taking backups for the other sites etc!

I will be looking for a new host. I have been messed about all day. Promised info, calls and ticket updates. Just had one of the chat operators getting quite terse with me too. EUK were OK but the end of last year and this year have been terrible.

Can anyone recommend a good UK host? I do need it to be UK though.

Sounds fishy. Backups compromised!?! C'mon. Really? Only way to have compromised backups is not taking them frequently. Check out /var/log/messages. Compare root login IPs against your own. Unless that was compromised too.

__________________
BigInstance.com
[+] VPS - KVM HVM - 4GB & up
[+] Dedicated CPU core(s)
sales [@] biginstance.com


  #12  
Old
Temporarily Suspended
 
Join Date: Feb 2012
Posts: 156
Quote:
Originally Posted by XTremo View Post
FutureHosting without a doubt!
I was going to recommend them too, they also will be able to ensure that your VPS is up to date, secure, and give you proper managed support and security, along with monitoring. I would check 'em out.

  #13  
Old
Newbie
 
Join Date: Mar 2012
Posts: 16
This is the incomprehensible support ticket reply:

"As per your telephonic conversation with Suzanne, we have tried to restored data from our backup system but unfortunately, there are the same files available as they are on your VPS.

We can do one thing, if sites on your VPS other than the sites available in backup with you are not important for you then we can create a new VPS for you with the same configuration, apply all the security tweaks and then restore important sites backup on it. This way, you will get secured VPS with all important data."

Seems to me that the last VPS was not secure, by their own admission.

Thanks for the recommendation on host - but it needs to be a UK host I'm afraid.

  #14  
Old
Aspiring Evangelist
 
Join Date: Apr 2010
Location: North Carolina
Posts: 430
Quote:
Originally Posted by Jezsez View Post
Seems to me that the last VPS was not secure, by their own admission.
Is this a managed VPS? If not, securing your VPS is your job.

__________________
Advertise on FreeVPS.us

  #15  
Old
Newbie
 
Join Date: Mar 2012
Posts: 9
Quote:
Originally Posted by Jezsez View Post
My VPS with EUK Host got hacked yesterday. All sites on it have had all content deleted and replaced with a hacked message. EUK can't restore any of the sites as their backups were also compromised. Luckily I have a recent backup of the most important site that I DL'd on Saturday. The rest of the sites have no backups, sadly.

I am interested to know if I have been misled with the circumstances of the hack. The support people tell me that it's my fault and my problem as my root password is weak (it was not weak at all) plus I was running wordpress sites and that's where the breach took place. I was under the impression that sites COULD get hacked but that hack could not gain access to the server itself. This was my understanding anyway. Also, I note that their VPS Node : EL58 is under attack and that "Mar 05, 2012 Urgent Maintenance : backup4 server". Coincidence that all my sites have no backups? Any advice on what I can or should do? Suspect you will all say it's my own fault for not taking backups for the other sites etc!

I will be looking for a new host. I have been messed about all day. Promised info, calls and ticket updates. Just had one of the chat operators getting quite terse with me too. EUK were OK but the end of last year and this year have been terrible.

Can anyone recommend a good UK host? I do need it to be UK though.

This happened to a client of mine. They were using Avail[-bleep-]. Their VPS software had a vulnerability in it and all of my client's domains were hacked. Had nothing to do with negligence of my client. No weak passwords, vulnerable software, etc.

Reply

Similar Threads
Thread Thread Starter Forum Replies Last Post
Can my blog be hacked on shared hosting if my neighbour is hacked? zobe Hosting Security and Technology 17 03-10-2011 04:09 AM
Server hacked : how can I find out how they are uploading files to my server? listenmirndt Hosting Security and Technology 4 04-14-2007 12:44 PM
Server is hacked!~ which company provide secure and fast VPS server? kittyyau VPS Hosting 6 08-24-2006 04:11 PM
Plesk server hacked, hiring to move clients to new server DaveNET Employment / Job Offers 3 07-30-2005 09:56 PM
Is my server hacked? Huge data is uploaded from server !! wmac Web Hosting 5 08-05-2001 10:50 PM

Related posts from TheWhir.com
Title Type Date Posted
HostGator Says Reports of a Server Breach by CaLLSTaCK are a Hoax Web Hosting News 2014-10-23 11:57:54
Server Protected with Default Password Enables Healthcare.gov Hack Web Hosting News 2014-09-05 09:51:28
Could Website Hackers be Chasing Hosting Customers Away? Blog 2013-08-27 09:07:42
Syrian Electronic Army Targets Top US Media Websites in Outbrain Platform Hack Web Hosting News 2013-08-16 10:46:10
Apache Malware Darkleech Spreads Rapidly with Increase in Attacks Web Hosting News 2013-07-03 12:11:03


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Postbit Selector

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Forum Jump
Login:
Log in with your username and password
Username:
Password:



Forgot Password?
WHT Host Brief Email:

We respect your privacy. We will never sell, rent, or give away your address to any outside party, ever.

Advertisement:
Web Hosting News:
WHT Membership
WHT Membership



 

X

Welcome to WebHostingTalk.com

Create your username to jump into the discussion!

WebHostingTalk.com is the largest, most influentual web hosting community on the Internet. Join us by filling in the form below.


(4 digit year)

Already a member?